Malicious

MsproviderHostperfNet.exe

PE Executable | MD5: ac4d82f073cbd9d856d240f227cb9080 | Size: 1.92 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash
MD5: ac4d82f073cbd9d856d240f227cb9080
SHA1: 67ea451a5974562aa78119a61c482d8302f66b0e
SHA256: c4952e123128e1ed3e24727fcd835d02a993858d36712d27ef5629db88d428d1
SHA384: 93a8b51c03d6784146069227b7bd6e0639cd3619f8aec20c0c179e3641c8608992f6e6014e3b8baa35eac96800fdd722
SHA512: 68842c9db6f3589b98d32c976d31b0ea5aca259baa91fa45487acd38eb631862b3c410978932beea3f092db60a5f9687f8b3031aee5a461030a23046f9e69db8
SSDeep: 24576:zylaBiQO1297+EGcuj24VN6kCriQrl4T/zYw1/eIyY/q7jvurJbtBjbvwTqO9UJ0:znBK1Ncw+nhpY/aurJ5drwTt90
TLSH: CA95AE1665924E32C3A467758597213D82B0D7763E52FB0B371F6093AD0BBF18F622B2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
  .Net Resources
    aKWkQsyGnEXrCfcNp1.t78oCVdFvo51S9qmaR
    jZbCcxA45bpO0l2qii.FWZY8DXIZQjT9DwpPn
    mGCF9yPFdRdHmmbXUu.6mfPOJ2B3w1mRc7IHk
    rWOIItccXaZ52jc6TQ.rEU6pZ3v48gl0X5PuG
    qG3EyEkBuCTRRaE6iI.65JxwlwlwAUOrDZbjC
    UwEYyCGFVKt8UmP0Fv.XqZ7oaTcZDVq3QfECk
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: pxqDsBPmp0nY
Full Name: pxqDsBPmp0nY
EntryPoint: System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu()
Scope Name: pxqDsBPmp0nY
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: SGxDUr5uRrbW2X9YcTIdUkMi5E
Assembly Version: 4.1.5.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 47
Main Method: System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu()
Main IL Instruction Count: 44

Main IL:
ldc.i4 3
stloc V_0
br IL_000E: ldloc V_0
ldloc V_0
switch dnlib.DotNet.Emit.Instruction[]
br IL_0030: ldnull
ldnull <null>
ldnull <null>
newobj System.Void V7ePvUwZXP8qu8uWMKR.tjGwdWwsRhY3TyQGxT4::.ctor(System.String,System.String)
call System.Void ggCkhYTxPUEo6UeKxmg.okG4olTSCOAmTeSh2l3::iNMTYtyHEU(V7ePvUwZXP8qu8uWMKR.tjGwdWwsRhY3TyQGxT4)
ldc.i4 4
stloc V_0
br IL_000E: ldloc V_0
ret <null>
ldc.i4 1302526782
ldc.i4 6
shr <null>
ldc.i4 538297147
xor <null>
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_6466e38823124ba597bd304191ef20ed
xor <null>
call System.String tWR3dvQLtAtCxwUD6hX.Vn2wpoQMXf4o9j4JNVL::kQ1QO1KdPa(System.Int32)
newobj System.Void wTsShLXyq6h4J76h9YJ.xQ8pjcX2EdFokD8TdkS::.ctor(System.String)
call System.Void wTsShLXyq6h4J76h9YJ.xQ8pjcX2EdFokD8TdkS::LjKXdthu7R()
ldc.i4 1
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_4b1680f3c1d849d49a6e111af446156f
brfalse IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
newobj System.Void gdwydOA2WhG8ANwUgFg.CIyfsRAPsOTTWFhZSPH::.ctor()
pop <null>
ldc.i4 0
ldsfld <Module>{07d74948-751b-4403-9f88-75da5912d256} <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_3397c3989250464181c6b003fb10e3bf
ldfld System.Int32 <Module>{07d74948-751b-4403-9f88-75da5912d256}::m_cc79a747015f481ebe29a9933783a369
brtrue IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
pop <null>
ldc.i4 0
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)
call System.Void lgBJuhe5tgSfVjnALDe.FDKlHQeLkpuXuGa8JEG::lWKTAsT4AIy()
ldc.i4 2
br IL_0012: switch(IL_0030,IL_004A,IL_0095,IL_00BA,IL_004B)

No malware configuration was found at this point.